You are viewing a plain text version of this content. The canonical link for it is here.

Posted to common-dev@hadoop.apache.org by "Wei-Chiu Chuang (Jira)" <ji...@apache.org> on 2021/04/12 03:54:00 UTC

[jira] [Resolved] (HADOOP-17632) Please upgrade the log4j dependency to log4j2

     [ https://issues.apache.org/jira/browse/HADOOP-17632?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Wei-Chiu Chuang resolved HADOOP-17632.
--------------------------------------
    Fix Version/s:     (was: 3.4.0)
                       (was: 3.3.0)
       Resolution: Duplicate

> Please upgrade the log4j dependency to log4j2
> ---------------------------------------------
>
>                 Key: HADOOP-17632
>                 URL: https://issues.apache.org/jira/browse/HADOOP-17632
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: common
>    Affects Versions: 3.3.0
>            Reporter: helen huang
>            Priority: Major
>
> The log4j dependency being use by hadoop-common is currently version 1.2.17. Our fortify scan picked up a couple of issues with this dependency. Please upgrade it to the latest version of log4j2 dependencies:
> <dependency>
>  <groupId>org.apache.logging.log4j</groupId>
>  <artifactId>log4j-api</artifactId>
>  <version>2.14.1</version>
> </dependency>
> <dependency>
>  <groupId>org.apache.logging.log4j</groupId>
>  <artifactId>log4j-core</artifactId>
>  <version>2.14.1</version>
> </dependency>
>  
> The slf4j dependency will need to be updated as well after you upgrade log4j to log4j2.
>  
>  



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-dev-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-dev-help@hadoop.apache.org